redline | 0a7f5f666fb7a1cdda25353191ddaced97674f596af7230d58af2ee14ea14819 | Triage

Submit
Reports

Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

Static

static

3

cd3f88a43b...10.exe

windows7-x64

cd3f88a43b...10.exe

windows10-2004-x64

Sharing

General

Target

cd3f88a43b2764c4896ab8f879fb2c10
Size

653KB
Sample

240316-gb6hfaeh59
MD5

cd3f88a43b2764c4896ab8f879fb2c10
SHA1

bb85a6645a908be90ff4015e069904194cb282cf
SHA256

0a7f5f666fb7a1cdda25353191ddaced97674f596af7230d58af2ee14ea14819
SHA512

9f9987b804d0e8cff9c383651fd0b88d98ca21e3f318643b0afc9c05d352f66a9a7baa048644ab89e9bfee94e92e90fa433f3fb4b99e70d5c457eb9052bdd1f1
SSDEEP

6144:LQBD8ozQzHR21FJLgGz0kUTVvSERat1Hin2n+jX/oKrcqIyfm/a7bB3+Xv:LQBD8DWsvS+ICn2n0AKgqIyfmE

Score

10^/10

redline sectoprat crypto infostealer rat trojan

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

cd3f88a43b2764c4896ab8f879fb2c10.exe

Resource

win7-20240215-en

redline sectoprat crypto infostealer rat trojan

windows7-x64

9 signatures

150 seconds

Behavioral task

behavioral2

Sample

cd3f88a43b2764c4896ab8f879fb2c10.exe

Resource

win10v2004-20240226-en

redline sectoprat crypto infostealer rat trojan

windows10-2004-x64

10 signatures

150 seconds

Malware Config

Extracted

Family

redline

Botnet

CRYPTO

C2

212.86.102.139:32600

Targets

- Target
  
  cd3f88a43b2764c4896ab8f879fb2c10
- Size
  
  653KB
- MD5
  
  cd3f88a43b2764c4896ab8f879fb2c10
- SHA1
  
  bb85a6645a908be90ff4015e069904194cb282cf
- SHA256
  
  0a7f5f666fb7a1cdda25353191ddaced97674f596af7230d58af2ee14ea14819
- SHA512
  
  9f9987b804d0e8cff9c383651fd0b88d98ca21e3f318643b0afc9c05d352f66a9a7baa048644ab89e9bfee94e92e90fa433f3fb4b99e70d5c457eb9052bdd1f1
- SSDEEP
  
  6144:LQBD8ozQzHR21FJLgGz0kUTVvSERat1Hin2n+jX/oKrcqIyfm/a7bB3+Xv:LQBD8DWsvS+ICn2n0AKgqIyfmE
Score

10^/10

redline sectoprat crypto infostealer rat trojan
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- RedLine payload
- SectopRAT
  SectopRAT is a remote access trojan first seen in November 2019.
  trojan rat sectoprat
- SectopRAT payload
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

redlinesectopratcryptoinfostealerrattrojan

behavioral2

redlinesectopratcryptoinfostealerrattrojan

© 2018-2025

Terms | Privacy